[unisog] Anyone have a citation for an academic research study on whether mandatory password changes increase security?
Stephen John Smoogen
smooge at unm.edu
Mon May 7 17:00:06 GMT 2007
H. Morrow Long wrote:
> Anyone have a citation for an academic research study on whether
> mandatory password expiration and changes increase security?
None that I could find. This is probably due to the fact that
expiration, change rules and such are psychology and not usually the
purview of CS.
In the end, a systems security is only as good as its users. If users do
not take security seriously... no matter how many technical
countermeasures.. you will end up with crap. I think a good place for
academic research papers would be to find social papers on decay of
various neighborhood/societies. It would also be a good reference on
what policy changes work do and do not work.
Stephen Smoogen -- ITS/Linux Administrator
MSC02 1520 1 University of New Mexico Albuquerque, NM 87131-0001
Phone: (505) 277-7343 Email: smooge at unm.edu
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
More information about the unisog